The NSA reportedly gained secret access to the networks of Internet companies, like Google and Yahoo. Millions of users could have been affected. But what is new in the revelations about the program known as Muscular?
The US intelligence agency NSA can access data transferred via Internet platforms, like Google, Yahoo, Microsoft and Apple, but that is hardly news. Prism is the name of one program allowing it such access, and details about Prism were published this summer. So what explains the indignation surrounding the US-British joint project code named "Muscular," mechanisms of which were revealed this week?
The numbers alone are enough to make your eyes pop. Within a single month, the NSA reportedly copies to its servers over 180 million data sets from the internal networks of Google and Yahoo. According to the "Washington Post," that data includes content from emails, videos and spoken messages. The newspaper cites documents it received from whistleblower Edward Snowden and has published a now famous drawing that appears to have been presented at an NSA meeting from January 9. The drawing details how intelligence officials manage to snag Google and Yahoo users' information.
What's new is that the NSA has been accused of copying data routinely, without the companies' knowledge and without a court order. Google's legal department said it was outraged at the extent to which the government appears to have gone to extract information from its private fiber-optic networks.
Experts say the US intelligence targeted weak spots in the transfer of digital communications. "The way it looks now, the data appear to have been taken directly from the fiber-optic cables," said Holger Bleich, a journalist with the German computer magazine c't. "That works best at the places where the cables are newly connected - for example at amplifiers that are located in the water or at stations where the undersea cables come onto land."
The IT expert says it's possible that US intelligence may be tapping directly into cables that run along the floor of the ocean.
Muscular's 'criminal quality'
As long as the NSA uses Muscular outside of the US, the agency can bypass legal strictures. In contrast, when Prism is used, intelligence officials must send a direct request to the companies involved. A special body called the Foreign Intelligence Surveillance Court then determines whether such requests are legally permissible. Only if the court agrees are the companies required to hand over data to the NSA, but by using Muscular, the legal hurdle vanishes.
German Green party politician Jan Philipp Albrecht is coordinating a special committee in theEuropean Parliament to investigate the NSA affair. Albrecht returned Thursday (31.10.2013) from discussions in Washington, where he and other EU parliamentarians spoke with Obama administration officials about the growing scandal. In a DW interview, the Green politician described the Muscular program as being cyber attacks on the infrastructure of private companies, saying, "That has a criminal quality."
Thus far, however, the NSA has disputed such characterizations. The agency's head, Keith Alexander, claims there was no direct access to the servers of Google, Yahoo and other companies. Such acts, he continued, would require court authorization via the FBI. Alexander further maintains that the number of individuals affected is not in the millions but in the thousands - and generally only persons suspected of terrorism.
But Jan Philipp Albrecht says EU citizens have been defenseless victims in acts of espionage. "They violate European Union law, and they also violate criminal laws in individual member states - for example in Finland, where the companies' servers were attacked by the NSA," Albrecht said, going on to call that an infringement on international treaties that ban such access to citizens' data.
The EU parliamentarian returned from his talks in Washington with the impression that the US government has yet to appreciate the magnitude of the NSA scandal.
Too little user protection?
Albrecht reports that representatives from Internet companies with whom he met in the US expressed deep concern about the revelations, especially since it could spell problems for their business. "Many clients that have email accounts with Google or Yahoo will now be thinking twice about whether they want someone to be able to fish around constantly in their emails," he said.
Computer specialist Holger Bleich puts part of the blame squarely on such companies, saying they were naive if they assumed intelligence officials would not secretly intercept any of their data. He also said it raises questions about Google and Yahoo not sufficiently protecting data transferred between their server centers all across the world. "Our data is being sent from the US to Finland and then, for example, to Ireland, and all of that is happening in a very obviously unencrypted way," he explained.
Criticism of Great Britain
EU parliamentarian Albrecht is urging the EU to issue a stronger response to the reports of US espionage against its allies, but he notes that Great Britain and its intelligence agency GCHQ also deserve part of the blame.
"It is completely unacceptable that an EU member state can use the cloak of national security to break all rules and fundamental rights in the European Union without there being even the softest criticism," Albrecht said.
When it comes to the typical private Internet user, Holger Bleich doesn't hold out much hope that it's possible to dodge NSA surveillance. "Essentially, there's no chance," he said.